SecureCRT and SecureFX for Windows -- A Secure Replacement for Telnet and FTP

SSH (Secure SHell) is a secure alternative to telnet. The ACCC supports and
has a UIC site license for Van Dyke Software's SecureCRT SSH for Windows, which is described in this page. You'll probably find that it works a lot
like whatever telnet you've been using. (And if you don't like this SSH application,
there's lots more to choose from; see More About SSH and Secure
Shell (Secsh)
below.)
SSH does a lot more for you than just replacing telnet. Van Dyke Software's
SecureFX, SFTP software for Windows, works with SecureCRT
and provides secure file transfer between your personal computer and the
remote server you're logged into. SecureCRT also provides an easy and
secure way to use X Windows -- SSH
X11 Tunneling.
For more information and tips on using SecureCRT and SecureFX, see Van Dyke Software's technical documentation on SecureCRT and on SecureFX.

Why Privacy is Important for Logging In

You've listened when we told you to be careful
with your password, haven't you? You never write it down, you don't tell
it to your friends, you don't save it in Eudora, you don't enter it on the
Web except when you use WebMail or when you're asked for it by the UIC WWW Identification
Service, a.k.a. Bluestem, and you use SSL when you connect to read your email. When you choose your passwords you don't use your
spouse's name or your dog's name and you don't use a dictionary word that could
be guessed.
That means your password is safe, doesn't it?
Well, not really. Each time you log in to your argo, icarus, or tigger account,
after you type your password and press Enter, your password is sent out
over "the network." That ******** stuff you see as you type your password is
just to fool anyone who's looking over your shoulder -- your actual password
is sent over the network "in the clear," exactly as you typed it. That means
that it could be intercepted and read by anyone else who's on the same network.
The same privacy considerations that apply to remote logins also apply to email
and files. You have every right to expect security
for your interactions when you're logged in to a remote host machine:
- Authenticity: Being able to tell without a doubt what the source of the data is. Your password tells the server who you are, but that's only half of the question; the server should also assure you what it is.
- Privacy: Scrambling data so it can't be used by anyone except the person or machine that it's intended for. Privacy in remote logins means encrypting your password and, for that matter, your entire session, so only you and the server you're logged into can read it.
- Integrity: Assurance that the server is receiving everything you send it, nothing more, nothing less. And vice versa -- assurance that you're receiving the exact messages, output, and files the server sends you, nothing more, nothing less.
When you log in to a remote computer you are vulnerable in all these areas. Say you're going from
here to there. If the route from here to there goes
through someone else's network, a bad guy on that network could eavesdrop on
your transmission, looking for passwords, credit card numbers, or business secrets.
Or they could use IP spoofing to redirect your communications to a fake server.
Or the bad guy on a machine that's somewhere in the middle of your route from
here to there could intercept your traffic and respond to you
as if it was there and respond to there as if it was you. That's
called a "man-in-the-middle" attack, and if the man in the middle is careful,
neither you here nor the remote host there would know that it had happened.

SSH: Strong Security for Remote Logins

But with SSH you don't have to worry about any of that. Transparent security for logins
is here -- secure remote logins with secure shell or SSH. SSH provides a secure
replacement for telnet (with a secure and easy way to do X Windows; see Using
Exceed X Server with SSH X11 Tunneling); for the UNIX "r" commands, rsh,
rlogin, and rcp; and for FTP.
SSH's security is transparent because it's an application layer protocol --
you use SSH software to log in to a remote host instead of using telnet. And
SSH really is secure. It supplies two-way authentication, including the server
authenticating itself to you. After exchanging keys, your entire session
is encrypted, including your password and everything that you send to the host
server and everything it sends to you.
The best thing about SSH is that all this security stuff goes on behind the scenes. From your point of view as a user, an SSH login session looks like just another version of telnet.
It's no harder to switch to an SSH secure remote login application than it is to change from one vendor's telnet to another's.
Interested? SecureCRT for Windows can be downloaded for no
charge from the University of Illinois Webstore.

-- More About SSH and Secure Shell

The official Internet Engineering Task Force's (IETF) name for the IETF working group's draft of the SSH protocol is Secsh (SECure SHell). Secsh is commonly known as Secure Shell or SSH. The original SSH Secure Shell, now known as SSH-1, was designed in 1995 by Tatu Ylonen, a Finnish computer scientist. Both "SSH" and "secure shell" are trademarks of his company, SSH Communications Security Corp, and their SSH software is called SSH Tectia, generally with the Tectia left off, which causes some confusion.
SSH version 2, usually called SSH-2, was first published in 1998.
The SSH code is used in a number of
secure remote login applications, for a wide range of operating systems; see: http://linuxmafia.com/ssh/ for an up-to-date list and links.
For more information, see:

Installing SecureCRT and SecureFX

- For members of the UIC community only, download SecureCRT and SecureFX
(they come together) for no charge from the Webstore.
- Double-click on the file's icon to unpack the zip file. There is a separate install exe for each program; it doesn't matter which order you install them. They both install in exactly the same way:
- Double-click on the scrtnnn.exe file to install SecureCRT or on the sfxnnn.exe file to install SecureFX.
- Click I Agree>> to agree to the licence agreement.
- On the Welcome screen, click Next>>.
- Select a directory to install the software in; click Next>>.
- The next screen asks you where you want shortcuts placed. It also asks about whether you want a "Common profile (affects all users)" or a "Personal profile". I'm not sure what those are asking; I thought it was whether the sessions you define are available for other users of the machine, but that doesn't seem to be the case. Choose and click Next>>.

- Choose Protocols: Select the protocols to be installed. This is the only piece of the install that it's important to have separate instructions for SecureCRT and SecureFX:
- SecureCRT: For ACCC machines you need SSH2; for completeness, I would install the whole first row, in case you have to connect to other machines: SSH2, SSH1 and SSH2, Telnet, and Telnet/SSL
(Hopefully you wouldn't have to use Telnet.)

- SecureFX: For ACCC machines, use SFTP; for completeness install all three: SFTP, FTP over SSL, and FTP.

- On the Ready to Install screen, click Finish.
- On the Success! screen, click to read the Readme file, which is an introduction to the software, and the History file, which is a list of bug fixes, then click OK.
- Repeat Steps 3-10 for SecureFX.

Using SecureCRT

- Open SecureCRT. Use: Start->Programs->SecureCRT->SecureCRT or double-click a SecureCRT icon if you created one.
- The first time you open it, SecureCRT will ask you to choose a location for a configuration file; accept the default, which is in your application Data directory. Also, the first time you open it, it will automatically open a "Quick Connect" dialog box.
- If SecureCRT isn't your default Telnet application, click Yes to make it your default Telnet application.
- Fill out a Quick Connect dialog box for the system you want to connect to. For tigger, use:
- Protocol: SSH2
- Hostname: tigger.uic.edu
- Port: 22, Firewall: None, which are the defaults.
- Authentication: Uncheck everything except Password.
- At the bottom: Check Save session if you want to keep it, Open in a tab if you want it opened in a tab (duh!). You probably do want to Show quick connect on startup.

- Click Connect when you're finished, to both save the session definition and connect.
- If this is the first time you've used SecureCRT to connect to this
remote host, SecureCRT will show you the host's public key. If you trust this is
the right host, click Accept and Save. (Trust is involved, as it has
to be.)
- The Enter Secure Shell Password dialog box opens. Type your password in the Password:
box, and either press Enter or click OK.
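
The first-connection step above is where the server authenticates itself to you, and it protects against the man-in-the-middle attack described earlier only when the key you accept is checked against a fingerprint obtained through some other trusted channel. The following is an added example, not part of the original page or of SecureCRT: it computes the SHA-256 and MD5 fingerprint forms used by OpenSSH from a public key line and compares them with a published value. The sample keys and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct


def key_type(blob: bytes) -> str:
    """Read the length-prefixed algorithm name that begins an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad algorithm-name length")
    return blob[4:4 + n].decode("ascii")


def fingerprints(pubkey_line: str) -> dict:
    """Fingerprints of an OpenSSH-format line: '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if key_type(blob) != fields[0]:
        raise ValueError("declared key type does not match the key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def host_key_matches(pubkey_line: str, published: str) -> bool:
    """True only when the offered key hashes to the published fingerprint."""
    fp = fingerprints(pubkey_line)
    published = published.strip()
    if published[:4].upper() == "MD5:":          # hex digits: case-insensitive
        return fp["md5"].lower() == published.lower()
    return fp["sha256"] == published             # base64: case-sensitive


def sample_line(raw_key: bytes) -> str:
    """Build a constructed ssh-ed25519 public key line (sample data only)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


GENUINE = sample_line(bytes(range(32)))        # key the administrator published
IMPOSTOR = sample_line(bytes(range(1, 33)))    # key offered by some other machine

if __name__ == "__main__":
    published = fingerprints(GENUINE)["sha256"]
    for label, line in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(label, fingerprints(line)["sha256"], host_key_matches(line, published))
```

A mismatch on first connection, or a changed key on a later one, is the signal to stop and contact the server's administrator rather than click through.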
Figure 1: Logging in and Out with SecureCRT
The $DISPLAY variable and the xauth list command output in the
window shows how SSH X11 tunneling works with X Windows.
The first group of five icons in the toolbar and the very last icon on the right are the most important.
- The first opens a tree of your saved sessions.
- The second opens a Quick Connect dialog box.
- The third opens the tree of your saved sessions to connect another session in a new tab.
- The fourth re-connects the current connected session.
- And the fifth disconnects the current open session.
- The last icon on the right is the SecureFX icon, and it opens a SecureFX session with the machine and account of the current connection. (Regardless of whether the connection is open.)
To log out, use: exit

-- Creating a Desktop Shortcut to a Particular Machine

If you're defining a connection to a machine that you're going to use on a regular basis,
you can save a copy of the session definition on your desktop.
- Save the connection by clicking Save Session when you're defining the session in the Quick Connect dialog box.
- Open the tree listing your saved sessions (use the first icon in the main window tool bar).
- Right-click on the session that you want to save on your desktop.
- Select Create Desktop Shortcut from the Right-click menu.
- Select a name for the shortcut and click OK.

-- Exiting SecureCRT

- Either logoff from your remote account using: exit
or, instead of logging off, click the Disconnect button (the fifth and last of the first set of icons in the SecureCRT tool bar; figure 2), a picture of a terminal with a red X on it. (Use exit, not logoff or logout; the latter two don't work.)
- Then close the SecureCRT window either by selecting File->Exit or clicking the Close box in the upper right corner of the SecureCRT window.

Using SFTP SecureFX for Windows

Using SFTP with SecureFX is not only secure, it's easy!
When you open SecureFX for the first time, it explains how SecureCRT and SecureFX work together and asks whether it can keep the SecureFX config information in the same place as your SecureCRT config information. For ease of use, click Yes.
You define sessions for SFTP in exactly the same way (and same info) as you define them for SSH, only the protocol is SFTP, not SSH.
In fact, you can add SFTP to your SSH Sessions, so they work for both, but you must do this in SecureFX:
- Save the connection by clicking Save Session when you're defining the session in the Quick Connect dialog box.
- Open the tree listing your saved sessions (use the first icon in the main window tool bar).
- Right-click on the session that you want to file transfer to or from.
- Select Properties from the Right-click menu.
- On the Connection tab (the first one at the top on the left side), select SFTP for File Transfer:.
- Click OK.

-- Manipulating Remote Files with SecureFX

You open and set up SecureFX in the same way as you did SecureCRT. Here are a few things that you can do when you have a session open in SecureFX:
- To download a file or directory: To copy a remote file to your personal computer, select the file you want to download in the top half of the SFTP window, then right-click and select Download from the right-click menu. (See figure 2.) Or drag-and-drop files as you would in Windows Explorer.
- To upload a file or directory: To copy a file to the remote computer from your personal computer, open the remote directory you want to upload it into and either drag-and-drop the PC file to it, or use File -> Manual Upload to open a Windows file transfer dialog box.
- To change a file or directory's UNIX access permissions: Right-click on the filename on the remote computer and select Properties or use the Properties icon in the tool bar (a hand holding a window (in the upper right), immediately to the right of the black X, in the middle of the toolbar). (SFTP calls UNIX file permissions "Attributes"; see figure 3.)
- To rename or delete a file or directory: Right-click on the file or directory's filename and select Rename or Delete, or for Delete, use the black X icon in the middle of the toolbar.
- To view dot files such as .procmailrc: View -> Dot Files
- There are lots of other cool things you can do with files and with Accounts using SecureFX and SecureCRT. Explore when you get a chance.
Figure 2: Using SecureFX
The sFTP icon is the second icon in the fourth set in the tool bar (a
file folder with a quarter circle of blue dots over it). Click it to open
a sFTP session to the remote host. The file transfer window gives you
a view of your files on the remote host. On the right is a directory tree, on the left are the files in the current directory. Below, usually collapsed so that you can't see much, is a log of all the actual (S)FTP commands being used.
In the illustration, Ada Byron has downloaded the files in her Web directory, public_html.
After she highlighted the files, a Windows file save dialog box opened and she chose the directory on the PC that she wanted the files downloaded to. The bottom half of the window is a record of the download.
Alternately, she could drag-and-drop, either to download or to upload.

Figure 3: Changing UNIX Permissions in SecureFX
SecureFX makes it very simple to change the permissions for UNIX files
and directories. Right-click on the file or directory's name, then select
Properties from the menu. Click in the appropriate boxes as shown
below to change permissions. The right-click menu also allows you to delete
or rename your UNIX files or directories.